Open Source and information security mailing list archives
Message-ID: <40461CE0.30308@onryou.com>
From: lists2 at onryou.com (Cael Abal)
Subject: Backdoor not recognized by Kaspersky

> Cael...take a more sensible approach...no password parsing to scan
> needed...have the AV/mail gateways stop any zip with any executable
> inside. You don't need to use the password to see that there is an
> .exe/.scr/.com/.whatever inside a zip.  You see it, you nuke the zip.
> If your policies allow zipped executables to meander through your mail
> system as long as they pass a virus scan, you must have damned busy 0
> days.  This ain't complicated...at all.

Hi Bart,

Interesting suggestion but I'm not prepared to arbitrarily kill any
zipped executable (even just those which have been passworded).  I'm
just not comfortable with the false-positives.

Historically, passworded .zip files have been the only remotely
acceptable way to e-mail executables.  I'm hesitant to give that up.

I'd still rather allow all passworded .zips and rely on the client's AV
to nab it.

take care,

Cael

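The quoted point, that a gateway can see an executable's name inside a passworded zip without the password, shown as an added example that is not part of the original message or of any product discussed in the thread. It assumes a classic password-protected zip, where entry names stay in clear in the central directory; the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

# Extensions named in the quoted message; ".whatever" is left to local policy.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".com")


def inspect_zip(data):
    """Return (name, is_encrypted, is_blocked) for each entry.

    Only the central directory is read; nothing is decrypted or extracted.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            encrypted = bool(info.flag_bits & 0x1)  # general-purpose flag bit 0
            blocked = info.filename.lower().endswith(BLOCKED_EXTENSIONS)
            findings.append((info.filename, encrypted, blocked))
    return findings


def should_quarantine(data):
    """Policy from the quoted message: any executable name stops the zip."""
    return any(blocked for _, _, blocked in inspect_zip(data))


def build_sample(names, mark_encrypted):
    """Constructed sample input: a small zip whose entries can be marked as
    encrypted by setting flag bit 0 in each central directory header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as archive:
        for name in names:
            archive.writestr(name, b"constructed placeholder bytes")
    raw = bytearray(buf.getvalue())
    if mark_encrypted:
        pos = raw.find(b"PK\x01\x02")  # central directory header signature
        while pos != -1:
            raw[pos + 8] |= 0x01  # flags field starts at offset 8
            pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    sample = build_sample(["invoice.txt", "Setup.EXE"], mark_encrypted=True)
    for name, encrypted, blocked in inspect_zip(sample):
        print(f"{name}: encrypted={encrypted} blocked={blocked}")
    print("quarantine:", should_quarantine(sample))
```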